DMV reveals data breach discovered in March

This is an archived article that was published on sltrib.com in 2013, and information in the article may be outdated. It is provided only for personal research purposes and may not be reprinted.

A Utah Division of Motor Vehicles employee was fired in March after the agency discovered she allegedly gave out people's personal information.

In response to a Salt Lake Tribune inquiry, DMV spokesman Charlie Roberts confirmed that the agency first learned from the Salt Lake City Fire Department in mid-March that the employee, who was not immediately identified, had allegedly released Utahns' confidential information taken from DMV databases.

"Once we had a sworn statement from the [fire department] that [the employee] had confessed to releasing confidential information, we contacted the employee," Roberts said. She was terminated March 11. She was a customer service clerk who had been with the division about 14 years, but Roberts was not sure how long the alleged data breach had been going on or how many people would have been affected.

The matter is an administrative one for the DMV and it isn't their policy to make a public announcement about such a compromise of information, Roberts said.

The DMV has 2.5 million records, but the extent of that personal information is limited to what's on your car registration, Roberts said. That means Social Security numbers and dates of birth were safe, he added.

Investigators took the woman's work hard drive, computer, printer and anything that might have data on it that a forensics lab can investigate, Roberts said.

The DMV is upgrading its software security. Roberts said they started that update before they knew of the breach, and expect the new system to be online by October.

Reader comments on sltrib.com are the opinions of the writer, not The Salt Lake Tribune. We will delete comments containing obscenities, personal attacks and inappropriate or offensive remarks. Flagrant or repeat violators will be banned. If you see an objectionable comment, please alert us by clicking the arrow on the upper right side of the comment and selecting "Flag comment as inappropriate". If you've recently registered with Disqus or aren't seeing your comments immediately, you may need to verify your email address. To do so, visit disqus.com/account. See more about comments here.